1. If the firewall is enabled, open access for HTTP and HTTPS traffic.
sudo ufw allow 80
sudo ufw allow 443
2. Install the "Let's Encrypt" package
sudo apt install letsencrypt
3. The package also installs the "certbot.timer" utility for automatic certificate renewal. Check that it is active:
sudo systemctl status certbot.timer
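4. Standalone server for getting the "Let's Encrypt" SSL certificate
Standalone mode starts its own temporary web server on port 80, so that port must not be in use by another web server while the command runs.
Replace domain-name.com with your domain name, run the command, and follow the instructions: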
sudo certbot certonly --standalone --agree-tos --preferred-challenges http -d domain-name.com
5. Automatic installation of the SSL certificate on nginx and Apache web servers
To check whether your web server is nginx or Apache, run:
nginx -v
or
apache2 -v
Then follow the instructions to install nginx or Apache.
6. Install the certbot plugin for your web server, then install the SSL certificate automatically
sudo apt-get install -y python3-certbot-nginx
or
sudo apt install python3-certbot-apache
For nginx, run this:
sudo certbot --nginx --agree-tos --preferred-challenges http -d domain-name.com
For Apache, run this:
sudo certbot --apache --agree-tos --preferred-challenges http -d domain-name.com
7. "Let's Encrypt" Wildcard SSL certificate
To create a wildcard certificate, the only possible challenge method is DNS. With the -d parameter, you must specify both the bare domain and the wildcard. Quote the wildcard so that the shell does not expand the * against file names in the current directory.
sudo certbot certonly --manual --agree-tos --preferred-challenges dns -d domain-name.com -d '*.domain-name.com'
After that, place the specified TXT record on your DNS server and press Enter to continue.
If everything went well, you will see the path where your new wildcard certificate is stored and some other information.
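Requesting the bare domain and the wildcard together makes certbot ask for two TXT values under the same name, _acme-challenge.domain-name.com, and validation fails if you continue before both are visible. The following check is an added example, not part of the original guide; the function names, the sample tokens and the choice of 1.1.1.1 as resolver are assumptions, and the live check needs dig (package dnsutils).

```shell
#!/bin/sh
# Added example: confirm the _acme-challenge TXT records are published
# before pressing Enter in the certbot --manual DNS step.

# txt_has_value VALUE DIG_OUTPUT
# Returns 0 if VALUE is a complete TXT string in `dig +short TXT` output
# (one record per line, each wrapped in double quotes).
txt_has_value() {
    printf '%s\n' "$2" | tr -d '"' | grep -Fxq -- "$1"
}

# all_values_present DIG_OUTPUT VALUE...
# Prints every value that is not published; returns 0 only if none is missing.
all_values_present() {
    out=$1; shift
    missing=0
    for v in "$@"; do
        if ! txt_has_value "$v" "$out"; then
            echo "missing: $v"
            missing=1
        fi
    done
    return "$missing"
}

# check_acme_txt DOMAIN VALUE...
# Live check (needs network): query a public resolver, not your own DNS server,
# so you see what the certificate authority is likely to see.
check_acme_txt() {
    domain=$1; shift
    out=$(dig +short TXT "_acme-challenge.$domain" @1.1.1.1)
    all_values_present "$out" "$@"
}

# Constructed sample of `dig +short TXT _acme-challenge.domain-name.com`
# output once both records exist (tokens are made up for this example).
SAMPLE_DIG_OUTPUT='"constructed-token-for-bare-domain"
"constructed-token-for-wildcard"'

# Offline demonstration on the constructed sample.
if all_values_present "$SAMPLE_DIG_OUTPUT" \
    constructed-token-for-bare-domain constructed-token-for-wildcard; then
    echo "both TXT records visible, safe to continue"
fi
```

For a real request, run check_acme_txt domain-name.com followed by the two values certbot printed, and continue only when it reports nothing missing.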